updated 04:15 pm EDT, Fri April 20, 2007

Microsoft on Chinese Vista

Opening sales of Windows Vista in China were much stronger than the 244 copies claimed earlier this week, according to a spokesman from Microsoft. Though the company declined to provide an actual figure for the number of copies sold during the new operating system's first weeks on the market, Microsoft said that sales were "double" those of XP during the same amount of time. The corrected number suggests that Chinese sales were proportionate to worldwide sales results that exceeded the XP launch of 2001.

"Recent speculation regarding sales data in China is inaccurate," the Microsoft response said directly. "We're pleased with the positive consumer response we've seen around the globe to the security and usability enhancements in Windows Vista--and China is no exception."

An earlier report had alleged that abundant piracy in China had almost completely eliminated legitimate sales of the OS, encouraging individuals to buy copies for a fraction of the official price.

Mac News..???

I am struggling to understand how information about Vista sales in China is related to the subject matter MacNN is supposed to cover ("...premier source for Macintosh and iPod news, reviews, discussion, tips, troubleshooting, links, and reviews. MacNN publishes dozens of news stories related to Apple, iTunes, iPod, and the Mac industry...").

I can understand that this may appear on their Electronista brand, but it may just be cluttering the MacNN news outlet.

So much so that it compelled me to write this. I wonder if anyone out there disagrees?

245 not 244

disingenuous

"The corrected number suggests that Chinese sales were proportionate to worldwide sales results that exceeded the XP launch of 2001."

While technically correct, this is very disingenuous. Worldwide sales have doubled since 2001, but sales in China, a fast developing country, have risen far, far more than 100%. A doubling of sales relative to XP means that, in China, they are experiencing a much, much weaker launch than XP did.

RE: Mac News..???

Safari has inherent flaws

Safari has several inherent flaws that Apple needs to fix. I don't know which, if any, of them will turn out to be what was used in this attack, but they still need to be fixed.

The biggest one is that it automatically opens downloaded files it considers "safe" by default. This means that the security of Safari is no greater than the security of any other application on the system registered in LaunchServices for any file type Safari considers "safe".

There have been several vulnerabilities found in this design. It's nowhere near so bad as Microsoft's active content and leaky "Security Zones" but it's still fundamentally backwards.

In addition, any browser on the Mac and any browser in Windows that uses Microsoft's corresponding URI-to-helper-application mechanism can be used to launch an attack on any application that's registered as a helper application for a URI type. This is another hole that needs to be plugged, on both platforms.

First, disable 'Open "safe" files after downloading' in Safari.

Second, Apple and Microsoft both need to separate their helper application databases into one for local documents, and one for untrusted documents, with the application that requested the document (or the enclosing document) being the sole arbiter of whether the document is trusted or not: that is, no "security zones", but rather a "this document is trusted" characteristic that defaults to *off*, is irrevocably inherited by enclosed documents, and has to be explicitly set by the application.

Nothing less will solve the problem.

Other problems in Safari include the default use of the Finder to open FTP: URLs (what were they thinking?). These are all easy low hanging fruit that Apple should be picking *now*.
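A sketch of the split helper-database policy proposed in the comment above, added here as an illustration; it is not code from the comment's author and not an Apple or Microsoft API. The class, the function, the table entries and the reading of "irrevocably inherited" (an enclosed document is never more trusted than the document enclosing it) are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Two separate helper databases (constructed sample entries, hypothetical names).
LOCAL_HELPERS = {"zip": "Archive Utility", "dmg": "DiskImageMounter", "ftp": "Finder"}
UNTRUSTED_HELPERS = {"html": "Sandboxed Viewer"}  # deliberately minimal


@dataclass(frozen=True)
class Document:
    name: str
    kind: str                             # file type or URI scheme
    parent: Optional["Document"] = None   # enclosing document, if any
    marked_trusted: bool = False          # defaults to off; set only by the requesting app

    def trusted(self) -> bool:
        # Assumed reading of "irrevocably inherited": trust needs an explicit
        # mark on this document AND on every enclosing document above it.
        if not self.marked_trusted:
            return False
        return self.parent is None or self.parent.trusted()


def resolve_helper(doc: Document) -> Optional[str]:
    """Return the helper allowed to open doc, or None (save to disk, launch nothing)."""
    table = LOCAL_HELPERS if doc.trusted() else UNTRUSTED_HELPERS
    return table.get(doc.kind)


def demo() -> dict:
    web_page = Document("page fetched from the web", "html")
    # Even if an application marks the download trusted, its untrusted parent wins.
    download = Document("download.zip", "zip", parent=web_page, marked_trusted=True)
    ftp_link = Document("ftp://example.invalid/", "ftp", parent=web_page)
    local_zip = Document("backup.zip", "zip", marked_trusted=True)
    return {d.name: resolve_helper(d) for d in (web_page, download, ftp_link, local_zip)}


if __name__ == "__main__":
    for name, helper in demo().items():
        print(f"{name!r}: {helper or 'no helper launched'}")
```
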